Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-b9np-xrb9-g3fd
Summary
Keycloak Authentication Error
A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
Aliases
0
alias CVE-2019-14909
1
alias GHSA-fv4q-wm8c-wjg4
Fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@8.0.0
purl pkg:maven/org.keycloak/keycloak-parent@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14c3-xa9j-mbab
1
vulnerability VCID-3248-31p8-tyd4
2
vulnerability VCID-3jpe-awam-wqdz
3
vulnerability VCID-6ure-3hgz-xfgn
4
vulnerability VCID-7z49-f322-n7g8
5
vulnerability VCID-8zrg-f41g-pqfk
6
vulnerability VCID-cabc-jrpz-vuad
7
vulnerability VCID-dxj3-8sk5-mfdy
8
vulnerability VCID-f8mj-85vd-2yh5
9
vulnerability VCID-gjzp-cqhp-augx
10
vulnerability VCID-gndk-728r-9yh7
11
vulnerability VCID-jkh6-bvx2-dycm
12
vulnerability VCID-nhe2-8dtq-gqbf
13
vulnerability VCID-rssz-yqj9-b7h8
14
vulnerability VCID-sk6p-vfu6-7kem
15
vulnerability VCID-umcf-t6w5-juha
16
vulnerability VCID-xauc-r9cm-sycu
17
vulnerability VCID-xdfe-9zr4-47ax
18
vulnerability VCID-xdxx-tdkj-wbba
19
vulnerability VCID-yk5u-7cuz-7kdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0
1
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14c3-xa9j-mbab
1
vulnerability VCID-7j7q-m1zp-zfac
2
vulnerability VCID-dxj3-8sk5-mfdy
3
vulnerability VCID-e9qa-sy57-fqby
4
vulnerability VCID-ebn8-cjqs-k3ad
5
vulnerability VCID-engr-q4ge-53dc
6
vulnerability VCID-fknh-1j7d-jyeq
7
vulnerability VCID-gjy5-c6by-2ufg
8
vulnerability VCID-gp47-t3vm-57an
9
vulnerability VCID-jzn6-bzzf-nugp
10
vulnerability VCID-kzc8-pgz7-6bep
11
vulnerability VCID-mqgm-ezmw-h7ev
12
vulnerability VCID-nhe2-8dtq-gqbf
13
vulnerability VCID-s6f1-tnbu-jfaq
14
vulnerability VCID-sk6p-vfu6-7kem
15
vulnerability VCID-th5p-51pd-3ffg
16
vulnerability VCID-u5ba-kpd5-67bm
17
vulnerability VCID-xq2v-4txb-sueu
18
vulnerability VCID-y1jz-hqab-pycq
19
vulnerability VCID-yk5u-7cuz-7kdt
20
vulnerability VCID-yp87-przu-bbbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
Affected_packages
0
url pkg:maven/org.keycloak/keycloak-parent@7.0.0
purl pkg:maven/org.keycloak/keycloak-parent@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14c3-xa9j-mbab
1
vulnerability VCID-3248-31p8-tyd4
2
vulnerability VCID-3jpe-awam-wqdz
3
vulnerability VCID-6ure-3hgz-xfgn
4
vulnerability VCID-7z49-f322-n7g8
5
vulnerability VCID-8zrg-f41g-pqfk
6
vulnerability VCID-b9np-xrb9-g3fd
7
vulnerability VCID-cabc-jrpz-vuad
8
vulnerability VCID-dxj3-8sk5-mfdy
9
vulnerability VCID-f8mj-85vd-2yh5
10
vulnerability VCID-gjzp-cqhp-augx
11
vulnerability VCID-gndk-728r-9yh7
12
vulnerability VCID-jkh6-bvx2-dycm
13
vulnerability VCID-jprv-e2zb-v7bb
14
vulnerability VCID-mumt-rvzk-w7d4
15
vulnerability VCID-nhe2-8dtq-gqbf
16
vulnerability VCID-rssz-yqj9-b7h8
17
vulnerability VCID-sk6p-vfu6-7kem
18
vulnerability VCID-umcf-t6w5-juha
19
vulnerability VCID-xauc-r9cm-sycu
20
vulnerability VCID-xdfe-9zr4-47ax
21
vulnerability VCID-xdxx-tdkj-wbba
22
vulnerability VCID-yk5u-7cuz-7kdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@7.0.0
1
url pkg:maven/org.keycloak/keycloak-parent@7.0
purl pkg:maven/org.keycloak/keycloak-parent@7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b9np-xrb9-g3fd
1
vulnerability VCID-umcf-t6w5-juha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@7.0
2
url pkg:maven/org.keycloak/keycloak-parent@7.0.1
purl pkg:maven/org.keycloak/keycloak-parent@7.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14c3-xa9j-mbab
1
vulnerability VCID-3248-31p8-tyd4
2
vulnerability VCID-3jpe-awam-wqdz
3
vulnerability VCID-6ure-3hgz-xfgn
4
vulnerability VCID-7z49-f322-n7g8
5
vulnerability VCID-8zrg-f41g-pqfk
6
vulnerability VCID-b9np-xrb9-g3fd
7
vulnerability VCID-cabc-jrpz-vuad
8
vulnerability VCID-dxj3-8sk5-mfdy
9
vulnerability VCID-f8mj-85vd-2yh5
10
vulnerability VCID-gjzp-cqhp-augx
11
vulnerability VCID-gndk-728r-9yh7
12
vulnerability VCID-jkh6-bvx2-dycm
13
vulnerability VCID-jprv-e2zb-v7bb
14
vulnerability VCID-mumt-rvzk-w7d4
15
vulnerability VCID-nhe2-8dtq-gqbf
16
vulnerability VCID-rssz-yqj9-b7h8
17
vulnerability VCID-sk6p-vfu6-7kem
18
vulnerability VCID-umcf-t6w5-juha
19
vulnerability VCID-xauc-r9cm-sycu
20
vulnerability VCID-xdfe-9zr4-47ax
21
vulnerability VCID-xdxx-tdkj-wbba
22
vulnerability VCID-yk5u-7cuz-7kdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@7.0.1
3
url pkg:npm/keycloak-connect@7.0.0
purl pkg:npm/keycloak-connect@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14c3-xa9j-mbab
1
vulnerability VCID-4wpu-jga7-9fer
2
vulnerability VCID-7j7q-m1zp-zfac
3
vulnerability VCID-b9np-xrb9-g3fd
4
vulnerability VCID-dxj3-8sk5-mfdy
5
vulnerability VCID-e9qa-sy57-fqby
6
vulnerability VCID-ebn8-cjqs-k3ad
7
vulnerability VCID-engr-q4ge-53dc
8
vulnerability VCID-fknh-1j7d-jyeq
9
vulnerability VCID-gjy5-c6by-2ufg
10
vulnerability VCID-gp47-t3vm-57an
11
vulnerability VCID-jzn6-bzzf-nugp
12
vulnerability VCID-kzc8-pgz7-6bep
13
vulnerability VCID-m1cv-61u2-y3ck
14
vulnerability VCID-mqgm-ezmw-h7ev
15
vulnerability VCID-mumt-rvzk-w7d4
16
vulnerability VCID-nhe2-8dtq-gqbf
17
vulnerability VCID-s6f1-tnbu-jfaq
18
vulnerability VCID-sghy-8wey-5yg5
19
vulnerability VCID-sk6p-vfu6-7kem
20
vulnerability VCID-th5p-51pd-3ffg
21
vulnerability VCID-u5ba-kpd5-67bm
22
vulnerability VCID-umcf-t6w5-juha
23
vulnerability VCID-xq2v-4txb-sueu
24
vulnerability VCID-y1jz-hqab-pycq
25
vulnerability VCID-yk5u-7cuz-7kdt
26
vulnerability VCID-yp87-przu-bbbg
27
vulnerability VCID-yzy7-9vf5-tfht
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0
4
url pkg:npm/keycloak-connect@7.0.1
purl pkg:npm/keycloak-connect@7.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14c3-xa9j-mbab
1
vulnerability VCID-7j7q-m1zp-zfac
2
vulnerability VCID-b9np-xrb9-g3fd
3
vulnerability VCID-dxj3-8sk5-mfdy
4
vulnerability VCID-e9qa-sy57-fqby
5
vulnerability VCID-ebn8-cjqs-k3ad
6
vulnerability VCID-engr-q4ge-53dc
7
vulnerability VCID-fknh-1j7d-jyeq
8
vulnerability VCID-gjy5-c6by-2ufg
9
vulnerability VCID-gp47-t3vm-57an
10
vulnerability VCID-jprv-e2zb-v7bb
11
vulnerability VCID-jzn6-bzzf-nugp
12
vulnerability VCID-kzc8-pgz7-6bep
13
vulnerability VCID-m1cv-61u2-y3ck
14
vulnerability VCID-mqgm-ezmw-h7ev
15
vulnerability VCID-mumt-rvzk-w7d4
16
vulnerability VCID-nhe2-8dtq-gqbf
17
vulnerability VCID-s6f1-tnbu-jfaq
18
vulnerability VCID-sghy-8wey-5yg5
19
vulnerability VCID-sk6p-vfu6-7kem
20
vulnerability VCID-th5p-51pd-3ffg
21
vulnerability VCID-u5ba-kpd5-67bm
22
vulnerability VCID-umcf-t6w5-juha
23
vulnerability VCID-xq2v-4txb-sueu
24
vulnerability VCID-y1jz-hqab-pycq
25
vulnerability VCID-yk5u-7cuz-7kdt
26
vulnerability VCID-yp87-przu-bbbg
27
vulnerability VCID-yzy7-9vf5-tfht
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14909.json
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14909.json
1
reference_url https://access.redhat.com/security/cve/cve-2019-14909
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2019-14909
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14909
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.52441
published_at 2026-04-18T12:55:00Z
1
value 0.0029
scoring_system epss
scoring_elements 0.52328
published_at 2026-04-07T12:55:00Z
2
value 0.0029
scoring_system epss
scoring_elements 0.52381
published_at 2026-04-08T12:55:00Z
3
value 0.0029
scoring_system epss
scoring_elements 0.52376
published_at 2026-04-09T12:55:00Z
4
value 0.0029
scoring_system epss
scoring_elements 0.52426
published_at 2026-04-21T12:55:00Z
5
value 0.0029
scoring_system epss
scoring_elements 0.5241
published_at 2026-04-12T12:55:00Z
6
value 0.0029
scoring_system epss
scoring_elements 0.52396
published_at 2026-04-13T12:55:00Z
7
value 0.0029
scoring_system epss
scoring_elements 0.52435
published_at 2026-04-16T12:55:00Z
8
value 0.0029
scoring_system epss
scoring_elements 0.52293
published_at 2026-04-01T12:55:00Z
9
value 0.0029
scoring_system epss
scoring_elements 0.52335
published_at 2026-04-02T12:55:00Z
10
value 0.0029
scoring_system epss
scoring_elements 0.52363
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14909
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14909
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14909
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1778259
reference_id 1778259
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1778259
7
reference_url https://github.com/advisories/GHSA-fv4q-wm8c-wjg4
reference_id GHSA-fv4q-wm8c-wjg4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fv4q-wm8c-wjg4
Weaknesses
0
cwe_id 287
name Improper Authentication
description When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
1
cwe_id 305
name Authentication Bypass by Primary Weakness
description The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
2
cwe_id 306
name Missing Authentication for Critical Function
description The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
4
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score7.0 - 9.3
Exploitability0.5
Weighted_severity8.4
Risk_score4.2
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-b9np-xrb9-g3fd